Hub
CVE-2014-0177
LOW
Severity by source
AV:L/AC:L/Au:N/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
AnalysisAI
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-310. The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. Affected products include: Github Hub. Version information: before 1.12.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve
Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other
Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.
Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS
JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C
Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address. Rated high
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today